2 The IT Service Management Process Manual - Key Processes and their Application
3 Other publications by Van Haren Publishing Van Haren Publishing (VHP) specializes in titles on Best Practices, methods and standards within four domains: - IT and IT Management - Architecture (Enterprise and IT) - Business management and - Project management Van Haren Publishing offers a wide collection of whitepapers, templates, free e-books, trainer material etc. in the Van Haren Publishing Knowledge Base: for more details. Van Haren Publishing is also publishing on behalf of leading organizations and companies: ASLBiSL Foundation, CA, Centre Henri Tudor, Gaming Works, IACCM, IAOP, IPMA-NL, ITSqc, NAF, Ngi, PMI-NL, PON, The Open Group, The SOX Institute. Topics are (per domain): IT and IT Management ABC of ICT ASL CATS CM CMMI CoBIT Frameworx ISO ISO ISO ISO/IEC ISPL IT Service CMM ITIL MOF MSF SABSA Architecture (Enterprise and IT) Archimate BIP / Novius GEA TOGAF Business Management BiSL Contract Management EFQM escm ISA-95 ISO 9000 ISO 9001:2000 OPBOK SAP SixSigma SOX SqEME Project Management A4-Projectmanagement ICB / NCB MINCE M_o_R MSP TM P3O PMBOK Guide PRINCE2 For the latest information on VHP publications, visit our website:
4 The IT Service Management Process Manual Key Processes and their Application
5 Colophon Title: The IT Service Management Process Manual Author: James Persse Copy editor: Jane Chittenden Publisher: Van Haren Publishing, Zaltbommel, Design & layout: CO2 Premedia Bv, Amersfoort NL ISBN ebook: Edition: First edition, first impression, December 2012 Copyright: Van Haren Publishing, 2012 All rights reserved. No part of this publication may be reproduced in any form by print, photo print, microfilm or any other means without written permission by the publisher. Although this publication has been composed with much care, neither author, nor editor, nor publisher can accept any liability for damage caused by possible errors and/or incompleteness in this publication. TRADEMARK NOTICES The Swirl logo is a Trade Mark of the Cabinet Office ITIL is a Registered Trade Mark of the Cabinet Office CMMI is a registered trademark of the Carnegie Mellon(R) Software Engineering Institute (SEI). PMBOK Guide is a registered trademark of the Project Management Institute (PMI). is a registered trademark of the Cabinet Office.
6 Foreword Governing and managing IT services is quite a challenge for organizations, whether large, small, private business or in the public sector, and both for the customers and the suppliers of these services. Embedded within our society as it is, IT is always changing. Servers are moved to data centers, application and other services are moved to the cloud IT related services have to be versatile nowadays and so are staff engaged in their activities. In order to define a steady basis, experts from internal and external suppliers of IT services from all over the world have contributed to the development of an internationally recognized set of common practices now known as IT service management, and ITIL as a well-known framework. Implementing and managing a service management system with the purpose of serving the customer is a journey. The organization is supposed to learn and improve continually, driven by the dynamics of ever changing business needs. ITIL has become a very rich library. This doesn t mean that all the practices have to be applied. This book was originally written as a processes manual, extracting the vital service management processes for the purpose of simplicity and guidance. That is why the terminology is based on ITIL. The selection of processes perfectly fits though with the quality requirements as laid down in the international standard ISO/ IEC 20000, as you can see in Chapter 16. The requirements of the standard offer a useful compass for the service provider to navigate the extensive best practice guidance provided by the various approaches and frameworks for IT service management. And customers can use the standard to distinguish the better internal or external service provider. The core activities in service management are: to define the type of relationship between the demand and supply side, agree with the customer the services that have to be delivered, design and develop the delivery of new or changed services, control the deployment of the services and support their use. And apply a coherent management system to govern it consistently. Standards and frameworks don t provide services, nor do they manage and improve the provision of services. People do. Using the high level process areas one can define the generic roles for professionals responsible for the operational and tactical activities in the quality approach of service management. A quality approach to service management requires professionals who understand and know how to apply the best practices. Learn today what you can apply tomorrow. If you want a learning organization you want to have staff who keep learning. If you are a service provider and you want to have your organization certified, you definitely want to have your staff certified.
7 This book takes the professional from the high level process descriptions to the tips and tools of daily practices, and then back to their context and interrelationships. As Tobi J. Leiker, IT Service Management Solution Architect for Lockheed Martin says: Sometimes starting with a familiar set of activities and translating those to repeatable steps, coupled with a plan to revisit them and improve, is the easiest way forward. James has created a true manual for a manageable, scalable rollout of ITIL. That is why EXIN recommends this book to all professionals in service management for its great support, both in practice and when preparing for certification. Rita Pilon Program Developer IT Service Management Certification EXIN
8 Acknowledgements This title has been one of the hardest publishing projects we have engaged in. On the face of it, the ITSM processes described in ITIL and also ISO are basic common sense and should be easy for the user to work with in a practical environment. In practice, there are, rightly, many different approaches to adopting ITSM process within an organizational environment. It is our great fortune that the Author and also the Reviewers used their considerable knowledge and expertise to guide and support the project. Always positive and always open to feedback on the subtleties and nuances in the market, the Publisher is indeed extremely grateful to all involved for making this delivery project a real pleasure. We would like to thank James Persse for his very considerable patience, expertise and attention to detail. His broad shoulders took on much feedback and the quality manuscript reflects this dedication and experience. We would also like to thank our ever dedicated review team as follows: Clair Agutter Theo Bosselaers Rob van der Burg Michael Busch David Jones Ali Makahleh Mark O Loughlin Rita Pilon Mart Rovers ITIL Training Zone Mitopics Microsoft IT Solution Crew Pink Elephant UK Microsoft IT Alliance EXIN InterProm USA
10 IX Contents Foreword V Acknowledgements VII Introduction Core components of IT Service Management Steps towards implementing an IT Service Management program Know the model Appreciate the value Obtain commitment Establish a service-based organization Select the program s scope Assess the organization Create your IT Service Management program Implement the program Support program use The ongoing care and maintenance of your program: Plan-Do-Check-Act Some practical tips Implementation checklist Business Relationship Management Business Relationship Management activities Process inputs and outputs Processes related to Business Relationship Management Tools and techniques Key Performance Indicators Critical Success Factors Business Relationship Management roles Benefits of effective Business Relationship Management Implementation challenges and considerations Typical assets and artifacts of a Business Relationship Management program Service Level Management Service Level Management work products Service Level Management activities Process inputs and outputs Processes related to Service Level Management Tools and techniques Critical Success Factors Key Performance Indicators
11 X 4.8. Service Level Management roles Benefits of effective Service Level Management Implementation challenges and considerations Typical assets and artifacts of a Service Level Management program Capacity Management Process activities for Capacity Management Process inputs and outputs Processes related to Capacity Management Tools and techniques Key Performance Indicators Critical Success Factors Capacity Management roles Benefits of effective Capacity Management Implementation challenges and considerations Typical assets and artifacts of a Capacity Management program Availability Management Availability Management activities Process inputs and outputs Processes related to Availability Management Tools and techniques Key Performance Indicators Critical Success Factors Availability Management roles Benefits of effective Availability Management Implementation challenges and considerations Typical assets and artifacts of an Availability Management program IT Service Continuity Management IT Service Continuity Management activities Process inputs and outputs Processes related to IT Service Continuity Management Tools and techniques Key Performance Indicators Critical Success Factors IT Service Continuity Management roles Benefits of effective IT Service Continuity Management Implementation challenges and considerations Typical assets and artifacts of an IT Service Continuity Management program Information Security Management Information Security Management activities Process inputs and outputs Processes related to Information Security Management
12 XI 8.4. Tools and techniques Key Performance Indicators Critical Success Factors Information Security Management roles Benefits of effective Information Security Management Implementation challenges and considerations Typical assets and artifacts of an Information Security Management program Change Management Change Management activities Process inputs and outputs Processes related to Change Management Tools and techniques Critical Success Factors Key Performance Indicators Change Management roles Benefits of effective Change Management Implementation challenges and considerations Typical assets and artifacts of a Change Management program Service Asset and Configuration Management Configuration Management activities Process inputs and outputs Processes related to Configuration Management Tools and techniques Key Performance Indicators Critical Success Factors Configuration Management roles Benefits of effective Configuration Management Implementation challenges and considerations Typical assets and artifacts for a Configuration Management program Release and Deployment Management Release and Deployment Management activities Process inputs and outputs Processes related to Release and Deployment Management Tools and techniques Key Performance Indicators Critical Success Factors Release and Deployment Management roles Benefits of effective Release and Deployment Management Implementation challenges and considerations Typical assets and artifacts of a Release and Deployment Management program
13 XII 12. Incident Management Incident Management activities Process inputs and outputs Processes related to Incident Management Tools and techniques Key Performance Indicators Critical Success Factors Incident Management roles Benefits of effective Incident Management Implementation challenges and considerations Typical assets and artifacts of an Incident Management program Problem Management Problem Management activities Process inputs and outputs Processes related to Problem Management Tools and techniques Key Performance Indicators Critical Success Factors Problem Management roles Benefits of effective Problem Management Implementation challenges and considerations Typical assets and artifacts of a Problem Management program Service Desk Service Desk responsibilities Processes related to Service Desk Tools and techniques Key Performance Indicators Critical Success Factors Service Desk roles Benefits of a well-executed Service Desk function Implementation challenges and considerations Typical assets and artifacts of a Service Desk function Service Management and Service Improvement Service Improvement activities Process inputs and outputs Processes related to Service Improvement Tools and techniques Key Performance Indicators Critical Success Factors Service Improvement roles Benefits of effective Service Improvement Implementation challenges and considerations Typical assets and artifacts of a Service Improvement program
14 XIII 16. Implementing a basic Process Quality Assurance function Objectivity and independence PQA activities The value of PQA Summary: ensuring success
16 Introduction Since its introduction in the mid-1980s, ITIL has attained worldwide prominence as the leading process model for the management of IT infrastructures. At the same time, as technology infrastructures have reached into every nook and cranny of corporate operations, senior executives are seeing the value of management through the use of structured IT controls. The result has been more and more companies adopting IT Service Management (ITSM) principles. As is true with any improvement initiative, adopting ITSM in an effective manner requires a set of actions that may not be familiar to many IT organizations, especially those new to process management. For that reason, this book has been prepared: The IT Service Management Process Manual. Purpose of this book This book is written to give IT executives, managers, and process analysts a comprehensive view on how to implement an IT Service Management program using the core components as a baseline. In line with that aim, this book is designed to achieve four general objectives: Point you to the key IT Service Management processes and functions Present practical tips and techniques for adopting the processes in an IT organization Highlight the relationships and flexibility inherent in the framework Orient you to key ITSM processes and functions There are 26 processes and four functions in the full ITIL framework. Each of these occupies an important place in an IT Service Management program. But not all organizations need to adopt the full set and when it comes to new programs, any expert will advise starting with a carefully selected subset and then growing from there. This book makes an effort to establish that basic subset. It presents the core processes that are essential for delivering, controlling, releasing, and maintaining IT services. Each process is described in full detail, covering process activities, roles, metrics, assets, and artifacts. Present practical tips and techniques for implementation The primary purpose of this book is a practical, tactical one. We will explore a series of tips and techniques that you can use to help design, build, and implement your program. These tips and techniques come from practitioners in the industry who have designed and implemented many similar programs, not just ITSM programs, but others as well the PMI s PMBOK, SEI s CMMI, Six Sigma, ISO 9001, and others. These programs share similar success traits with ITSM, as they are all based in the fundamentals of
17 2 The IT Service Management Process Manual process improvement and organizational change. The tips and techniques presented here help you make the most of your efforts while avoiding some of the common pitfalls that can stall or even derail a program. These tips and techniques are featured across all chapters and cover inception through implementation on to adoption by your organization. This advice is geared toward helping promote a successful, wellfocused operational design and facilitate a smooth implementation as the program is rolled out to live operation. Highlight the relationships and flexibility inherent in the framework A couple of traits of ITSM that are often overlooked, or at least under-stressed, are the interrelationships that exist among its elements and the amount of flexibility you have in putting those elements together. Some IT organizations tend to adopt ITSM processes independently of one another, as if they were standalone entities. That approach can work but it usually results in operational redundancies, duplicate work, or operational gaps. In this book we will point out where ITSM elements naturally overlap. By highlighting these relationships, this book can help you make the most of commonalities among all the core components. At the same time the book will highlight the degree of flexibility you have in interpreting the best way to adopt each in your organization. These two together the interrelationships, and the flexibility should help you create a streamlined, value-driven program, one that exploits insights while accommodating your own cultural traits. The audience for this book This book is written primarily for IT professionals who need to acquire a good understanding of the core components of ITSM. Because the emphasis is on implementation of processes, this audience is made up of four groups of stakeholders and these stakeholders typically represent those in an IT organization who will assume most of the responsibility for taking a program from concept to realization. They are Chief Technology Officers (CTOs), IT Service Managers, IT Service Management program managers and analysts, and those who will work with the program at the line level. Let s take a quick look at each of these groups. Chief Technology Officers In today s business and economic climates, more and more are being asked to establish quality controls throughout their organizations. Many factors are contributing to this. Statutory requirements like those in the Sarbanes-Oxley Act (SOX) make implementing such controls in certain organizations mandatory. Then there is the basic fiduciary responsibility allied with IT spending. Corporate leadership, investors and even industry analysts expect controls to be in place. Then there s the basic issue of managing complex environments that are likely to be growing more complex by the week. Such executives can benefit from this book with its emphasis on practical implementation. Using it, they should be able to position their teams for an effective Service Management design, development, and implementation effort.
18 Introduction 3 IT Service Managers The managerial heart of an IT Service Management program may be found in the role of the IT Service Managers. These are the people whose job it is to oversee the design and delivery of IT services, anything from to smartphones to payroll runs. By default they also oversee execution of the IT Service Management program. For that reason it is important they know the IT Service Management program well. In fact, it is important that they help build the program. This book can help managers understand the scope of ITSM core processes, grasp the details that may need to be accounted for in their service areas, and then establish a program designed for success. Process Program Manager s Process Program Managers are those people typically charged with taking an executive vision (the strategy) and making its quality goals and workflows real in the organization (through tactics). Such program owners will find in this book a structural approach to Service Operation that emphasizes the purpose and function of each component while highlighting opportunities for integration. Through this an effective program scope can be established. Process Owners work with senior managers to introduce process elements; they tend to own one or more components of a program. They ll find this book helpful because, especially in Chapters 3 through 14, it presents a tactical picture of how each ITSM process can be accounted for. Accounted for is not simply to be consistent with recommendations, but designed to be right-sized; that is, to fit well within the organizational culture, to make best use of existing best practices, and to allow for future growth and refinement. Those who work within an IT Service Management program Finally, this book should be helpful to those staff members required to operate within an IT Service Management program. While it is not necessary for everyone in an organization to understand the details ITSM, key staff (e.g. team leads) would benefit from having some exposure to the framework and access to the detail as required. This will help them to appreciate the focus and understand how their IT duties may contribute to success on a broader level. Such a big-picture appreciation can help them operate more effectively and lead their teams in a more informed and directed manner. How this book is organized This book is organized in three parts. Part 1 presents an overview of ITSM and general considerations for how process programs can be implemented. Part 2 contains descriptions of each of the core ITSM processes. Part 3 presents a discussion on the importance of continual process improvement and of ITSM s relation to ISO/ IEC The chapters break down as follows.
19 4 The IT Service Management Process Manual Chapter 1 presents the core components of ITSM. For this book the core components are the following processes: Service Level Management Capacity Management Availability Management IT Service Continuity Management Information Security Management Change Management Service Asset and Configuration Management Release and Deployment Management Incident Management Problem Management Continuous Service Improvement Chapter 2 presents a series of steps and considerations helpful for initiating and implementing a process program. Because practical implementation is the focus of this book this chapter presents a high level implementation architecture that can be used as a management umbrella for the implementation approach contained in the chapters describing the individual processes. Chapters 3 through 15 present discussions of each of the core processes or functions. The chapters are organized to contain the following details: Introduction a description of the process in its operational context Activities steps recommended for this process Inputs/outputs typical inputs, entry criteria, outputs, and exit criteria for the process Related processes other core processes that might interact with or influence this process Tools and techniques common tools and techniques to help with process implementation Key Performance Indicators a set of conventional measures that can be used to gauge the performance of the process Critical Success Factors a set of measures to determine the operational success of the process Roles a description of the kinds of job roles that organizations commonly use for process activities and management Benefits a description of the kinds of organizational benefits that can be realized through effective process implementation. Implementation challenges and considerations descriptions of the kinds of typical hurdles that may have to be addressed in order to maximize process effectiveness Typical assets and artifacts a listing of the typical assets and artifacts commonly associated with process implementation and use Chapter 16 supports program implementation and governance with a discussion of how to establish a basic process quality assurance function in the organization.
20 Introduction 5 That is the structure of this book. There is also a theme that runs through the book. It rests on five general points of principle that lie at the heart of IT Service Management both as a discipline and a management philosophy. These five points are: Technology assets in a business domain are the same, in spirit, as any other corporate asset and, like other assets, should be deployed in pursuit of defined business objectives. The activities required for harnessing technology assets to the needs of the business should be considered services that the IT organization provides on an ongoing basis. The IT organization (with executive support) should forge a close partnership with its business customers in order to determine as a team what technology services are needed and how they ought to perform. The IT organization should regularly measure the performance of its servicerelated activities and report its achievements back to the business. Together, IT management and business management should periodically review performance measures and seek in the data opportunities for improvement. As you begin the process of implementing your program you will see how each of the five points demonstrably contributes to the levels of quality, control, consistency, and predictability one would expect to see in a well-managed IT environment. To begin our look at implementation let s start with an overall high-level look at the core components.